10.5.0
Zurich, Yokohama, Xanadu, Washington DC, Vancouver, Utah
IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise. It provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. The IBM QRadar Offense Ingestion integration allows you to automatically fetch IBM QRadar offenses, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discovery of IBM QRadar offenses that are candidates for security incidents, and automated creation of those security incidents.
- Mapping of offense, event, and flow fields to security incident fields.
- Aggregating similar offenses to existing open security incidents instead of creating duplicate security incidents.
- Validate your mapping with a preview of the offense field values in a security incident.
- Automatic offense status update for SIR incident creation and closure.
- Set up scheduled ingestions of offenses to create security incidents periodically.
- Fetch recent events or flows associated with an offense.
- Track key updates to offenses periodically.
New:
Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This update ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
Installation sequence:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If the necessary privileges are unavailable, raise a support ticket for the installation of these plugins.
- After installing the plugins, install the Event and Alert Ingestion for Security Operations (com.snc.secops.event_ingestion) plugin, which is dependent on the Security Incident Response plugin and the Security Incident Response UI.